OpenLDAP + SSSD + SAMBA

Hi there,

I have successfully setup OpenLDAP and SSSD with certificates.

The problem now is i am trying to setup samba to use ldap as a backend. the issue i am faced with at the moment is the error " Failed to issue the StartTLS instruction: Connect Error "

i have checked slapd.conf, ldap.conf and all seems to be ok. been looking everywhere and i can’t seem to find out what the problem is.

my FQDN is mainserver.globalsoftware.co.nz (in which the server certificate FQDN matches). my network card has the address of 172.16.0.1. the FQDN for my card is also mainserver.globalsoftware.co.nz.

I would appreciate any help i can get.

thanks heaps

I have similar setup and also was not able to use ldap via ssl from samba. Try to add “ldap ssl = No” to your smb.conf.

You’re post reminded me that I won’t ssl to work between samba and winbind, so I elaborated bit more and it was solved to add “TLS_CACERT /path/to/ca.crt” to /etc/openldap/ldap.conf.

hey thanks for your reply. i appreciate that. where exactly do i need to put ldap ssl =no? just curious.

and also, does the extension of the certificate file need to be a crt or a pem??

i need to be able to have tls encryption when sending files and configuration from a client machine via ldap and then through to samba, encryption intact. or is everything encrypted through ldap thus protecting samba data???

“ldap ssl” = no can be anywhere in [global] section, you can put it for example below ldap timeout.

extension of certifiacate file doesn’t matter.

Only communication between samba server and ldap is encrypted, so just user info. Communication between samba client and samba server is not encrypted.

Hey thanks again for getting back to me so quickly.

i am just wondering if between the client and server for samba can have encryption, or does ldap cover this for you??

also in ldap advanced settings ssl or tls is disabled. is this correct setting??

http://security.stackexchange.com/questions/9159/how-do-i-ensure-data-encryption-on-samba-transmission-on-nix-systems

thanks for that. unfortunately this didn’t help as i am dealing with certificates only for encryption

Is there anyone else out there that may have a clue about making data from client to samba server encrypted as well. my guess would be that if you are already authenticated against openldap, then all your network trafic would be encrypted through ldap to samba server. however, i heard that when you connect to a file share you are connecting to samba server from a client machine and that network traffic is unencrypted.

any assistance would be much appreciated

Thanks again for your help.

i forgot to mention that i have a fully linux network, so all machines are linux only machines. any ideas??